Developers Club geek daily blog

2 years, 3 months ago
(paranoia is actually fun)

Every programmer has, at least once in their life, written or wanted to write (underline as appropriate) their own server with blackjack and hookers, er, I mean with preference and ballerinas. How else can you live if you are an unbelievably cool hacker and simply must have a place for backups of your files, messages and other stuff.


Of course, a remote server protected from the NSA/FSB, somewhere in Malaysia, Japan or Egypt, will be needed. A true cool hacker will of course write it in C, not in some Java with a huge pile of frameworks and home-grown wheels to make it cross-platform, but that is a topic for another time. What follows is about what, in theory, the system of a paranoid schizophrenic should look like, whose first personality is a cracker (yes, like the biscuit) and whose second is an NSA/FSB agent. Ours will be a specific schizophrenia: the cracker knows nothing about the agent and vice versa (the passwords and keys are, naturally, different for each of them).

If you reflect long enough, an information security specialist (the uncle who served or taught somewhere at a military university) will come up with a minimal scheme for such a server and tell you that this is how it must always be done, in any system. And that system will be built on the wonderful mechanism of protection against NSD, including a pile of nonsense that a cracker does not need. (NSD is the abbreviation for "unauthorized access"; all the cool guys from the 1950s use it.) And he will show you a pretty diagram: [figure]
This is the general picture of how all this works at the NSA/FSB (yes, yes, hello FSB).
The author decodes some of the abbreviations as follows:
  • ARM SB: the automated workplace of the security service (what, really automated? Hello from the 50s, and once again hello to all state agencies)
  • KP: user keys
  • PC: personal computer (seriously? Also, on the diagram the PC may well mean a terminal)
  • UIP: unique user identifier (in common parlance, the alphabetic combination called a login)


But this scheme is far from the life of a cool hacker. He has no physical access to the server. A real cracker does not even trust the hardware, which the NSA/FSB could have placed in Malaysia specially for him. Let us be professionals for a minute and think about what we have and what we need.

What we have:

  • one remote server (which we do not trust), standard configuration of 1-2 GB of RAM, N terabytes of storage, based on some processor with a couple of cores. A network card and an Internet connection are mandatory.


What we need:

  • a super-secure system which must provide:
    • anonymity
    • complete protection of the information from NSD (the processor is hostile, the hard drive even more so, and the channel between you and the server is fully tapped by the intelligence services)


From the second point it follows that:

  • The server must be written like a virus, with encryption, obfuscation and so on, to make analysis of its operation and interception of data at runtime impossible.
  • The communication channel must be reliably encrypted using asymmetric cryptography (à la SSL/TLS).
  • Access to the information must be by login and password; all stored information must additionally (besides on the user side) be encrypted on the server with one more user key.
  • When the allowed number of login-password attempts is exceeded, the requester's IP address gets a long ban.
  • Auto-logout after a long absence of data.
  • A per-user kill switch for data (i.e. after a successful login there is the option to reliably wipe all one's data with a single command, meaning the stored data and the login-password). You can read about reliable data wiping here.
  • Since distrust of the execution environment is total, all cryptographic algorithms are bundled (fully implemented in the server code). Because there can be a situation where we call some libcrypto API in unix, and there, instead of AES, the intelligence services who care about us have substituted at best some XOR and at worst an empty pass over the data.
  • It is also desirable to hop between TCP/UDP ports over time. I.e., say, we sit on port 6000 for 10 minutes and then jump to a port chosen by a cryptographically strong PRNG (pseudorandom number generator). What the cryptographic strength of a PRNG is, you can read either here or on Wikipedia.


That seems to be everything; if I have forgotten something, I will add it as I remember.

Step 1: Authentication



Authentication (English: authentication) is the procedure of checking authenticity, for example: checking the authenticity of a user by comparing the password they entered with the password in the user database.

As Wikipedia says, we compare passwords against the database. The first people decided this was a cool idea and came up with PAP (from English Password Authentication Protocol). This protocol sent the password entered by the user to the server, which looked at it and said whether there is any truth left on earth or not.

Protocol packet: [figure]

Interpretation:
  • peer-id-length: the length of the user ID (peer, as in peer-to-peer networks)
  • peer-id: the identifier (in essence the well-known Pascal string, up to 255 characters long, since the length field is 1 byte)
  • password-length: the length of the password
  • password: the password
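As an added illustration of the packet described above (this is not code from the original post), here is a small serializer and parser for the PAP Authenticate-Request. The Code/Identifier/Length header placed in front of the fields the post lists is the RFC 1334 layout; the sample peer-id and password are constructed. It also makes the tcpdump point concrete: the password sits in the packet as plain bytes.

```python
import struct

# PAP Authenticate-Request (RFC 1334):
#   Code(1) | Identifier(1) | Length(2) | Peer-ID-Length(1) | Peer-ID | Passwd-Length(1) | Password
PAP_AUTH_REQUEST = 1


def build_pap_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """Serialize an Authenticate-Request. Both strings are Pascal strings:
    a one-byte length followed by the bytes, so neither may exceed 255 bytes."""
    if len(peer_id) > 255 or len(password) > 255:
        raise ValueError("peer-id and password are limited to 255 bytes by the 1-byte length field")
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(body)  # Length covers the whole packet, header included
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier & 0xFF, length) + body


def parse_pap_request(packet: bytes) -> dict:
    """Parse an Authenticate-Request, rejecting truncated or malformed packets."""
    if len(packet) < 6:
        raise ValueError("packet too short for a PAP header plus two length bytes")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != PAP_AUTH_REQUEST:
        raise ValueError(f"not an Authenticate-Request (code {code})")
    if length != len(packet):
        raise ValueError("Length field does not match the bytes received")
    pos = 4
    peer_len = packet[pos]
    pos += 1
    peer_id = packet[pos:pos + peer_len]
    pos += peer_len
    if len(peer_id) != peer_len or pos >= len(packet):
        raise ValueError("peer-id runs past the end of the packet")
    pw_len = packet[pos]
    pos += 1
    password = packet[pos:pos + pw_len]
    pos += pw_len
    if len(password) != pw_len or pos != len(packet):
        raise ValueError("password length does not match the remaining bytes")
    # The password comes back exactly as it travelled: in the clear.
    return {"identifier": identifier, "peer_id": peer_id, "password": password}
```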


And in general, whoever did not learn English at school has no place among cool hackers, so from here on I will not translate 4th-grade English.

[figure]

The problem with this protocol turned out to be that, since the password is transmitted in the clear, you can simply look at it in tcpdump.
Then the coolest of the existing specialists realised that the password needs to be transmitted and stored in an irreversible form, but one such that the password and its irreversible form can still be compared on the server. This is where cryptographically strong hash functions come into play.

Hashing (English: hashing) is the conversion, by a certain algorithm, of an input data array of arbitrary length into an output bit string of fixed length. Such conversions are also called hash functions or convolution functions, and their results are called a hash, hash code or message digest.

A cryptographic hash function is any hash function that is cryptographically strong.

For a hash function H to be considered cryptographically strong, it must meet three main requirements on which most applications of hash functions in cryptography are based:
  • Irreversibility, or preimage resistance: for a given value m of the hash function it must be computationally infeasible to find a data block X for which H(X) = m.
  • Resistance to collisions of the first kind, or second-preimage resistance: for a given message M it must be computationally infeasible to find another message N for which H(N) = H(M).
  • Resistance to collisions of the second kind: it must be computationally infeasible to find a pair of messages (M, M') with the same hash.

These requirements are not independent:
  • A reversible function is not resistant to collisions of the first or second kind.
  • A function that is not resistant to collisions of the first kind is not resistant to collisions of the second kind; the converse is not true.


So it was decided that passwords need to be hashed, the hash stored in the database on the server, and passwords verified against it. That was the next step, and the protocol was called CHAP.
CHAP (English: Challenge Handshake Authentication Protocol) is a widespread authentication algorithm that transmits not the user's password but indirect data about it.

Packet structure: [figure]

How it works: [figure]

According to the standard, CHAP uses MD5. And I say that you can use anything else, even home-grown crypto. But a smart cracker will never write home-grown crypto, because he knows he can run into a cloud of holes in the implementation, from timing attacks all the way to wrong output values.
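The CHAP exchange sketched above, as an added example that is not code from the original post. The response is computed as MD5(Identifier || secret || Challenge) per RFC 1994; the server class, the user name and the secret are constructed for the example, and the server discards each challenge after one use so a captured response cannot be replayed.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side (RFC 1994): MD5 over the one-byte Identifier, the shared secret
    and the server's Challenge. The secret itself never goes on the wire."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Server side of the handshake: issues challenges and checks responses."""

    def __init__(self, secrets: dict):
        # name -> cleartext secret; the server must recompute the same MD5,
        # so it needs the secret (or an equivalent), not a password hash.
        self._secrets = secrets
        self._pending = {}  # identifier -> challenge currently outstanding

    def challenge(self, identifier: int) -> bytes:
        """Step 1: send a fresh, unpredictable 16-byte Challenge."""
        chal = os.urandom(16)
        self._pending[identifier] = chal
        return chal

    def verify(self, identifier: int, name: bytes, response: bytes) -> bool:
        """Step 3: recompute the expected Value and compare in constant time.
        The challenge is consumed whether or not the check passes."""
        chal = self._pending.pop(identifier, None)
        secret = self._secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)


def run_exchange(server: ChapServer, name: bytes, secret: bytes, identifier: int = 1) -> bool:
    """Whole handshake: Challenge -> Response -> Success/Failure."""
    chal = server.challenge(identifier)          # server -> client
    resp = chap_response(identifier, secret, chal)  # client -> server
    return server.verify(identifier, name, resp)     # server decides
```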

In cryptography, a timing attack (English: timing attack) is an attack in which the attacker tries to compromise a cryptosystem by analysing the time spent executing cryptographic algorithms. Every logical operation takes time to execute on a computer, and this time can differ depending on the input data. Having precise measurements of the time taken by different operations, the attacker can recover the input data.

So says Wikipedia, and do not be afraid of the word "compromise"; in common parlance it is called "to crack", but be literate nonetheless. Let me explain on my fingers:
x: the message
H(x): the hash function
t(H(x)): the time taken to hash the message


Recalling 6th-grade school: a function is a rule by which each element of one set (called the domain) is assigned some element of another set (called the range). I.e. even if t(H(x)) depends only slightly on x, we can find what we need by checking. Suppose there is a message "Mishgan"; we hash it and get H("Mishgan") = abracadabra, and t(abracadabra) = 0.01 s, but here is the bad luck:
t(H("Ivan")) = t(H("Marfa")) = t(H("Mishgan")) = 0.01 s
and it does not matter what the hashes are, since it is known how much time hashing a given message takes, and by simply substituting the messages "Ivan", "Marfa" and "Mishgan" in turn, we find that the password "Mishgan" works, and on the N-th attempt we get into the account we need.
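The usual place a home-grown implementation leaks timing is not the hash itself but the comparison of the computed hash against the stored one: an early-exit compare does less work the sooner the first mismatch appears. This added example (not code from the post) counts byte comparisons instead of measuring noisy wall-clock time; the stored value "abracadabra" is a constructed stand-in for a stored hash.

```python
import hmac


def naive_compare(a: bytes, b: bytes) -> tuple:
    """Early-exit compare: stops at the first mismatch, so the amount of work
    depends on how long the matching prefix is. Returns (equal, bytes examined)."""
    steps = 0
    if len(a) != len(b):
        return False, steps
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_compare(a: bytes, b: bytes) -> tuple:
    """Examine every byte no matter where the mismatch is; only the final answer
    depends on the data. Returns (equal, bytes examined). Inputs of different
    length are only compared over the shorter one, so use it on fixed-size
    digests, where the length is not a secret."""
    steps = 0
    result = len(a) ^ len(b)  # fold the length difference into the result
    for x, y in zip(a, b):
        steps += 1
        result |= x ^ y       # accumulate differences without branching on them
    return result == 0, steps


def verify_digest(stored: bytes, supplied: bytes) -> bool:
    """What production code should use: the library's constant-time comparison."""
    return hmac.compare_digest(stored, supplied)
```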

Therefore we take all the cryptography from the OpenBSD sources (source code), verifying it along the way against open implementations from other projects, and bundle it into our project. CHAP is very simple and can be implemented even by a beginning programmer.

Thus step 1 can be considered done. Until next time!

P.S. Everything is stated in frivolous language to relieve the tension and to make the brain absorb information while resting.
P.P.S. Become more cryptographically literate; it is your safety and anonymity. To all crypto APIs the proverb applies: "Trust, but verify". There are ever more pseudo-specialists than specialists in information security.
P.P.P.S. Never confuse a hacker and a cracker.
Hacker (English: hacker, from "to hack", to chop, cut to pieces) is a highly skilled IT specialist, a person who understands the subtleties of how computer programs run.
Initially, hackers were programmers who corrected errors in software in some fast and not always elegant (in the context of the programming style used in the program, its general structure and interface design) or professional way; the word "hack" came from hippie slang, and Russian has the identical slang expressions "to get the idea" and "to cut into...". See hacker (programmer subculture) and en:hacker (hobbyist).
Now the most widely known meaning is "computer hacker", i.e. cracker (English: cracker, from "to crack", to split, break).
Many hackers can be crackers and vice versa, but these are not equivalent concepts.

This article is a translation of the original post at habrahabr.ru/post/241854/